Announcement Announcement Module
Collapse
No announcement yet.
Spring Security+hibernate Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security+hibernate

    Good afternoon,
    I am a student of computer science and am trying to learn Spring Security for a small login system.
    Unfortunately I have a problem I can not solve.
    within my project I have two classes SpringSecurityContext and UserSession that are used by classes and LoginService LoginController to perform all the operations log.
    the class SpringSecurity is:
    Code:
    public class SpringSecurityContext
    {
        public static UserSession getUser(final HttpSession httpSession)
        {
            SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null)
            {
                return (UserSession) securityContext.getAuthentication().getPrincipal();
            }
            else
            {
                securityContext = SecurityContextHolder.getContext();
                return (UserSession)securityContext.getAuthentication().getPrincipal();
            }
        }
    
        public static void removeUser(final HttpSession httpSession)
        {
            final SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null)
            {
                securityContext.setAuthentication(null);
            }
            else
            {
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        }
    
        public static void setDefaultUser(final HttpSession httpSession)
        {
            final UserSession userSession = new UserSession();
            final UsernamePasswordAuthenticationToken authenticate = new UsernamePasswordAuthenticationToken(userSession,
                    userSession.getPassword());
            SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null)
            {
                securityContext.setAuthentication(authenticate);
            }
            else
            {
                securityContext = SecurityContextHolder.getContext();
                securityContext.setAuthentication(authenticate);
                httpSession.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
            }
        }
    
        public static void setUser(final HttpSession httpSession, final User user)
        {
            final UsernamePasswordAuthenticationToken authenticate = new UsernamePasswordAuthenticationToken(user, user.getPassword());
            SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null)
            {
                securityContext.setAuthentication(authenticate);
            }
            else
            {
                securityContext = SecurityContextHolder.getContext();
                securityContext.setAuthentication(authenticate);
                httpSession.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
            }
        }
    }
    the class UserSession is:

    Code:
    public class UserSession extends User implements Serializable {
    
    	private static final long serialVersionUID = 1L;
    	
    	public static enum Stato {VISITATORE, REGISTRATO, CONFERMATO, LOGGED};
    	public static enum Errors {ERROR_USER_PASSWORD, ERROR_INVALID_STATE, ERROR_EXIST_MAIL};
    
    	private boolean complete;
    	private Stato stato;
    	private String nome;
    	private Errors error;
    	private Long id;
    	
    	public UserSession()
    	{
    		super("username", "password", false, false, false, false, new HashSet<GrantedAuthority>());
    		stato = Stato.VISITATORE;
    	}
    	public UserSession(String username, String password, boolean enabled,
    			boolean accountNonExpired, boolean credentialsNonExpired,
    			boolean accountNonLocked, Collection<GrantedAuthority> authorities) 
    	{
    		super(username, password, enabled, accountNonExpired, credentialsNonExpired,
    				accountNonLocked, authorities);
    		// TODO Auto-generated constructor stub
    	}
    
    	public UserSession(String username, String password, boolean enabled,
    			boolean accountNonExpired, boolean credentialsNonExpired,
    			boolean accountNonLocked, Collection<GrantedAuthority> authorities,
    			String nome, Errors error, Long id) 
    	{
    		super(username, password, enabled, accountNonExpired, credentialsNonExpired,
    				accountNonLocked, authorities);
    		this.stato = stato;
    		this.nome = nome;
    		this.error = error;
    		this.id = id;
    	}
    
    	public Stato getStato() {
    		return stato;
    	}
    
    	public void setStato(Stato stato) {
    		this.stato = stato;
    	}
    
    	
    	public String getNome() {
    		return nome;
    	}
    
    	public void setNome(String nome) {
    		this.nome = nome;
    	}
    
    	public Errors getError() {
    		return error;
    	}
    
    	public void setError(Errors error) {
    		this.error = error;
    	}
    
    	public Long getId() {
    		return id;
    	}
    
    	public void setId(Long id) {
    		this.id = id;
    	}
    	public boolean isComplete() {
    		return complete;
    	}
    	public void setComplete(boolean complete) {
    		this.complete = complete;
    	}
    	
    }
    the error performance is:

    SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/UtenteVoli] threw exception [Request processing failed; nested exception is java.lang.ClassCastException: java.lang.String cannot be cast to esempio.service.UserSession] with root cause
    java.lang.ClassCastException: java.lang.String cannot be cast to esempio.service.UserSession
    at esempio.service.SpringSecurityContext.getUser(Spri ngSecurityContext.java:26)
    at esempio.service.LoginService.service(LoginService. java:18)
    at esempio.web.LoginController.login(LoginController. java:30)


    Can anyone be of help?? ...
    basically tells me that the cast (UserSession) securityContext.getAuthentication (). getPrincipal ();
    can not be done ...but why??how can I fix this??
    thank you in advance!!

  • #2
    Attachment
    to point out,
    the function getPrincipal ()
    returns an Object
    and then I cast it to UserSession
    as you can see in the image
    Attached Files

    Comment

    Working...
    X